From c1b37e9020422490a306ede7f1b10eaaadd0f251 Mon Sep 17 00:00:00 2001
From: Ruchika Gupta <ruchika.gupta@nxp.com>
Date: Fri, 17 Apr 2020 20:09:29 +0530
Subject: [PATCH] drivers: caam: Fix alignment fault caused by caam_desc_pop()

Size of each JR Output ring entry is of 12 bytes for CAAM
using address pointer size as 64 bit. The descriptor address
pointer thus lies at 32 bit boundary in second output ring entry.
64 bit access of descriptor pointer at 32 bit boundary generates
alignment fault. To fix this,  descriptor address pointer should
be accessed as two 32 bit operations.

 regression_1004 Test User Crypt TA

E/TC:03 00 Core data-abort at address 0xfc09e74c (alignment fault)
E/TC:03 00  esr 0x96000021  ttbr0 0x20000fc0d7060   ttbr1 0x00000000   cidr 0x0
E/TC:03 00  cpu #3          cpsr 0x200001c4
E/TC:03 00  x0  00000000fc09e74c x1  0000000000000000
E/TC:03 00  x2  0000000000000050 x3  0000008000010100
E/TC:03 00  x4  0000000000000003 x5  00000000fc0e46e5
E/TC:03 00  x6  00000000fc09e74c x7  00000000fc09df78
E/TC:03 00  x8  0000000000000078 x9  00000000fc09c110
E/TC:03 00  x10 0000000041001900 x11 00000000ab12a911
E/TC:03 00  x12 0000000032e4d24d x13 00000000fc0e46e5
E/TC:03 00  x14 0000000000000000 x15 0000000000000000
E/TC:03 00  x16 00000000fc0e4b88 x17 0000000000000000
E/TC:03 00  x18 0000000000000000 x19 0000000000000000
E/TC:03 00  x20 000000000000270f x21 00000000fc07c000
E/TC:03 00  x22 00000000fc07c000 x23 0000000000000000
E/TC:03 00  x24 00000000fc09e74c x25 00000000fc0716d0
E/TC:03 00  x26 00000000fc09df78 x27 0000000000000000
E/TC:03 00  x28 0000000000000000 x29 00000000fc0e4900
E/TC:03 00  x30 00000000fc01ae8c elr 00000000fc01c124
E/TC:03 00  sp_el0 00000000fc0e4900
E/TC:03 00 TEE load address @ 0xfc000000
E/TC:03 00 Core data-abort at address 0xfc09e74c .debug_info+649036 (alignment fault)
E/TC:03 00 Call stack:
E/TC:03 00  0x00000000fc01c124 caam_desc_pop at core/drivers/crypto/caam/caam_desc.c:88
E/TC:03 00  0x00000000fc01b2ac caam_jr_enqueue at core/drivers/crypto/caam/caam_jr.c:510
E/TC:03 00  0x00000000fc02247c caam_cipher_block at core/drivers/crypto/caam/cipher/caam_cipher.c:331
E/TC:03 00  0x00000000fc022970 do_update_cipher at core/drivers/crypto/caam/cipher/caam_cipher.c:976
E/TC:03 00  0x00000000fc01a290 cipher_update at core/drivers/crypto/crypto_api/cipher/cipher.c:144
E/TC:03 00  0x00000000fc03562c tee_fs_fek_crypt at core/tee/tee_fs_key_manager.c:118
E/TC:03 00  0x00000000fc033dbc verify_root at core/tee/fs_htree.c:549
E/TC:03 00  0x00000000fc031edc ree_fs_open_primitive at core/tee/tee_ree_fs.c:416
E/TC:03 00  0x00000000fc0345d0 tee_fs_dirfile_open at core/tee/fs_dirfile.c:122
E/TC:03 00  0x00000000fc0321cc open_dirh at core/tee/tee_ree_fs.c:530
E/TC:03 00  0x00000000fc032498 ree_fs_open at core/tee/tee_ree_fs.c:604
E/TC:03 00  0x00000000fc0363dc tadb_open at core/tee/tadb.c:214
E/TC:03 00  0x00000000fc036c44 tee_tadb_ta_open at core/tee/tadb.c:633
E/TC:03 00  0x00000000fc00578c secstor_ta_open at core/arch/arm/kernel/secstor_ta.c:19
E/TC:03 00  0x00000000fc026658 system_open_ta_binary at core/pta/system.c:259
E/TC:03 00  0x00000000fc005e24 pseudo_ta_enter_invoke_cmd at core/arch/arm/kernel/pseudo_ta.c:199
E/TC:03 00  0x00000000fc0250dc tee_ta_invoke_command at core/kernel/tee_ta_manager.c:761
E/TC:03 00  0x00000000fc02b398 syscall_invoke_ta_command at core/tee/tee_svc.c:885
E/TC:03 00  0x00000000fc0123bc tee_svc_do_call at core/arch/arm/tee/arch_svc_a64.S:141
E/TC:03 00  0x00000000fc00811c thread_svc_handler at core/arch/arm/kernel/thread.c:1378
E/TC:03 00  0x00000000fc0039e0 el0_svc at core/arch/arm/kernel/thread_a64.S:639

Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Reviewed-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
---
 core/drivers/crypto/caam/caam_desc.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/core/drivers/crypto/caam/caam_desc.c b/core/drivers/crypto/caam/caam_desc.c
index b74026a8e71..3f848fc88cc 100644
--- a/core/drivers/crypto/caam/caam_desc.c
+++ b/core/drivers/crypto/caam/caam_desc.c
@@ -80,10 +80,11 @@ void caam_desc_push(struct caam_inring_entry *in_entry, paddr_t paddr)
 
 paddr_t caam_desc_pop(struct caam_outring_entry *out_entry)
 {
+	const uint32_t *a32 = (const uint32_t *)(&out_entry->desc);
 #ifdef CFG_CAAM_BIG_ENDIAN
-	return get_be64(&out_entry->desc);
+	return SHIFT_U64(get_be32(&a32[0]), 32) | get_be32(&a32[1]);
 #else
-	return get_le64(&out_entry->desc);
+	return SHIFT_U64(a32[1], 32) | a32[0];
 #endif /* CFG_CAAM_BIG_ENDIAN */
 }
 #else /* CFG_CAAM_64BIT */